ACCESS-CONTROL (1) apache (2) API-TESTING (1) AUTHENTICATION-VULNERABILITIES (1) bash-script (1) batch-replacement (1) bruteforce (2) BUSINESS-LOGIC-FLOWS (1) Chisel (1) CLICKJACKING (1) cms (1) command-injection (1) CORS (1) cronjob (1) CSRF (1) ctf (3) CVE (4) CVE-2018-1335 (1) CVE-2021-44228 (1) CVE-2023-2255 (1) CVE-2023-23752 (1) cve-2023-41425 (1) CVE-2023-43364 (1) cve-2024-41817 (1) DESERIALIZATION (1) docker (1) DOM-BASED (1) dpapi (1) feroxbuster (1) file-read (1) file-upload (2) FTP (2) gitea (2) gobuster (1) GPO (1) gpp-password (1) GRAPHQL (1) HackTheBox (13) hashcat (2) HashCracking (1) HOST-HEADER (1) htb-active (1) HTB-jerry (1) htb-markup (1) htb-nibbles (1) htb-sea (1) HTB-titanic (1) Hydra (2) imagick (1) impacket (1) index (3) INFORMATION-DISCLOSURE (1) Jenkins (1) John-The-Ripper (1) Joomla (1) JWT (1) kerberoasting (1) kerberos (1) Kerbrute (1) ldap (1) lfi (1) Libreoffice (1) linpeas (1) LLM (1) Log4j (1) metasploit (3) Meterpreter (1) mimikatz (1) mysql (2) nagios (1) nibbleblog (1) nmap (1) NOSQL (1) OAUTH (1) OS-INJECTION (1) PATH-TRAVERSAL (1) pbkdf2 (1) php (1) Portswigger (30) privilege-escalation (6) PROTOTYPE-POLLUTION (1) psexec (1) pyjail (1) Python-Library-Hijacking (1) RACE-CONDITION (1) REQUEST-SMUGGLING (1) reverse-shell (4) Shellshock (1) smb (1) SNMP (1) SQL-INJECTION (1) sqlite (1) ssh (3) SSRF (1) SSTI (2) Steganography (1) sudo (1) tomcat (1) TryHackMe (9) tunneling (1) war-file (1) WEB-CACHE-DECEPTION (1) WEB-CACHE-POISONING (1) Webdav (1) WEBSOCKETS (1) winbox (1) windows (1) windows-ad (1) Wireshark (1) wondercms (1) xml-injection (1) XSS (3) xxe (1) XXE-INJECTION (1)